Forensic Analysis: Conduct a forensic analysis to determine the scope and impact of the breach. This involves examining affected systems, identifying the extent of data exposure, and understanding the attacker's methods.

Root Cause Analysis: Investigate the root cause of the breach to understand how it occurred. Was it due to a vulnerability, human error, or a targeted cyberattack? Identifying the cause helps prevent future incidents.

Assessing Impact: Assess the impact of the breach, both in terms of data exposed and potential harm to affected individuals. This assessment informs the organisation's next steps and potential legal obligations.